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DETAILED ACTION 

1 . This action is responsive to communications: application, filed 10/29/2001 ; 
amendment filed 2/1 6/2006. 

2. Claims 1-25 are pending in the case. Claims 1-24 were amended. 

Response to Arguments 

3. Applicant's arguments filed 2/16/2006 have been fully considered but are not 
persuasive; 

3. 1 . With regards to claim 1 , applicant argues that Gabber (European Patent 
Publication No. 855659 A1 , named as prior art in the first office action) fails to disclose 
"requesting a user data from a user-controlled secure storage device". However, 
Gabber teaches a Central Proxy System a (item 1 10a) which requests user data from a 
user site (item 105a), as described in column 9 line 50 column 10 line 15. Note that 
according to column 12 line 34, the item 105a stores user data. 

Applicant further argues that "Entering data in the browser interface" teaches way from 
such request. It is unclear how the applicant detennlnes that Entering data in browser 
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interface teaches away from such request. The interface prompts the user to enter data. 
This clearly implies that a request for data must have been made to user device, 

Applicant further argues that the rejection failed to cite any teaching of "said requesting 
occurring prior to requesting said user data from another device." However, in Gabber's 
Central Proxy System requests user data from the user site only. Therefore, this request 
must be prior to any other request to another device. 

Therefore, Gabber meets both requirements of request from a user controlled secure 
storage device and the timing requirements. 

3.2. As per claim 2, applicant argues that there is no teaching in the section of central 
proxy receiving a request for the user data. Applicant also argues that the data is 
foHA^arded and not returned. However, column 18 lines 40 to 50 clearly indicate that the 
central proxy server automatically and without user intervention transmits the requested 
user data to the server. This implies that the request for data must be received by the 
Central Proxy System. It also indicates that the data is returned to the server and not 
justfoHA/arded. 

Finally, the applicant argues that the three requirements that must be met before 
returning data is not taught: 
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1- "if said user data is found". This requirement is implicit in Gabber. If the data is not 
found, it cannot be transmitted. Therefore, when the Central Proxy transmits the data, it 
must have founded the data. 

2- "if said returning user data for said request is enabled" Column 9 line 12 to 15 
indicates that the proxy will transmit the data only if it is the user's choice to have the 
proxy send the data. This clearly meets the requirement of "said request is enabled". 

3- " if said user data comprises static user data". Column 4 line 39 to 45 teaches that 
the Proxy server is a communication conduit that may remove or.substitute some 
portion of messages. Furthermore, column 4 line 4 to 21 clearly indicates that the 
objective of Gabber's method is to protect user privacy and identity. Therefore, only 
data that has to the potential to reveal user secrets are re-configured. The other data, 
such as details of a product that the user is ordering is not modified, and simply 
transmitted to the server. Therefore, Gabber reconfigures some data to protect user 
privacy (dynamic data) and transmit other data that won't jeopardize user privacy (static 
data). Therefore, Gabber modifies user data based on certain conditions. 

Applicant also argues that since the proxy performs interactions, this teaches away from^ 
operation being performed by a user device. However, as described in column 9 line 8 
to 23, the user provides the secrets and is in control to choose the proxies and their 
operation. Therefore, the proxies are user-controlled secure devices. 
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3.3. As per claim 3, applicant argues that Gabber teaches or suggests nothing about 
a server detemiining the particular type of data, static or dynamic, and then taking 
action based on the determination. However, Gabber does determine if the data is 
dynamic or static and take action accordingly. Per applicant's paragraph 245 to 248, 
data is put into aggregation based on prior user activity with a certain site. According to 
paragraph 251, aggregation is privacy protecting. Therefore, applicant's aggregation of 
usei" data to dynamic and static data is based on prior history of activity of user with 
servers, with the intention of protecting privacy. As pointed out in the first action, per 
Gabber paragraph 1 to 19, proxy systems provide substitution identifier (modified or 
reconstructed dynamic data) to server sites. This allows users to browse the network. 
anonymously . Another example of Gabber modifying a dynamic data is column 15 line 
10 to 38, where the user email address (dynamic data) is modified by proxy server to 
protect user privacy. Therefore, Gabber teaches the same invention with the same level 
details as in claim 3. 

3.4. As per claims 4, 5, and 6, applicant argues that the rejection is not well founded. 
Examiner respectfully disagrees with such assessment. The rationale behind rejection 
of claims 4. 5,and 6 is based on similarity of those claims with claims 1 to 3, with the 
only difference being the use of "cookies in claims 4 to 6 instead of "user data" in claims 
1 to 3. As per applicant's paragraph 4 and also paragraph 214, cookies contain user 
data saved by a server at the user site. This is also taught by Gabber in column 18 line 

1 to 23. Gabber protects user data captured in cookies the same way as it protects 
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general user data. Therefore, all operations performed by Gabber's method to user data 
are also applicable to cookies. Therefore, Gabber discloses claims 4 to 6 in completely 
and with identical level of details. 

Applicant argues that combining a cookie, which the user does not control, with entry of 
data by a user is a modification of Gabber. It is unclear why the applicant discusses 
combining a cookie with entry of data by a user. As mentioned before, cookies are user 
data save by a server on user device. The user data, whether entered by the user or 
obtained otherwise, is saved in cookies if the web server desires to access the data in 
future sessions. It is the user data that Gabber transmits or modifies (for privacy 
protection) to the server. Therefore, Gabber discloses protection of user data as 
described in claims 1 to 3 and protection of Coolies as disclosed in claims 3 to 6. 

3.5. As per claims 7 and 13, 8 and 14, 9 and 15, 10 an 16, 11 and 17, 12 and 18, 
applicant argues similar to above discussions as those claims each include limitations 
similar to claims 1, 2, 3, 4, 5, and 6. However, as described in sections 3.1 to 3.4 
above, all applicant's arguments are moot, and therefore, all the mentioned claims 
remain rejected. 

3.6. As per claims 19, 21 , 22, and 24, applicant argues that meeting the claim 
requirements requires the modification of Gabber. However, as indicated in sections 3.7 
to 3.10 of the first office action, all claim limitations are completely taught by Gabber 
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without any need for modification. Another basis of applicant's argument is the 
argument against rejection of claims 1,3,4, and 6. As applicant's arguments against 
rejection of claims 1 , 3, 4 and 6 are moot (sections 3.1 to 3.4 above), all mentioned 
claims remain rejected. 

3.7. As per claims 20 and 23, applicant's argument against claim rejections is based 
on applicant's arguments against rejections of claims 2, 4 and 5. However, as discussed 
in sections 3.1 to 3.4 above, applicant's arguments is moot, and therefore, claims 20 
and 23 remain rejected. 

3.8. As per claim 25, applicant argues that "a substitute identifier in Gabber is not 
obtained in response to enrolling for a service on said communications network". The 
applicant argues that Gabber teaches away from the invention because Gabber taught 
substitute identifier was obtained before enrolling for a service so that the substitute 
identifier could be used to enroll the service. However, Gabber does not teach away 
from the claimed invention and in fact teaches exactly the claim limitations. The 
randomized ID is obtained to protect user identity when enrolling for a network service 
(column 10 line 30 to 55). Therefore, it is obtained only when the user is enrolled for a 
service. Therefore, it is obtained in response to enrolling for a service on said data 
communication network. It is unclear how the applicant determines that Gabber issues 
the randomized ID before enrolling to the service. However, even if that were the case, 
the randomized ID is still obtained in response to enrollment in a service, as it is created 
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for the purpose and as a direct result of enrolment to the service. Therefore, Gabber 
teaches the limitations of claim 25. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. ♦ . 

3. Claims 1 to 19, 21, 22 and 24 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Gabber (European Patent Publication No. 855659 A1, published July 
29, 1998). 

3.1 . As per claim 1 , Gabber is directed to a method for browsing a data 
communication network (column 6 line 1 to 19), the method comprising: 

requesting user data (Fig. 2 and 3 and column 9 line 50 to column 10 line 15, 
also mentioned in column 12 line 45 to 48) from a user controlled secured 
storage device (which may be the user device itself, or the peripheral proxy 
server as described in column 1 Iine15 to 15 and also in column 12 line 31 to 33. 
Also note that the user device stores user data as indicated in column 12 line 31 
to 35) if a network site that requires user data is accessed (column 14 line 9 to 
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16) said requesting occurring prior to requesting said user data from another 
device; and sending said user data to a network server associated with said 
network site if said user data is received from the said user controlled secure 
storage device (column 14 line 9 to 16). 

3.2. As per claim 2, Gabber is directed to a method for browsing a data 
communication network (column 6 line 1 to 19), the method comprising: 

receiving, by a user-controlled secure device (the proxy server is secured and is 
user-controlled as the user controls which proxy perform data modification (see 
column 9 line 12 to 15)), a request for user data (column 13 line 34 to 35) ; 
returning said user data by a user-controlled secured device if said user data is 
found stored on said user-controlled secure device and if returning said user data 
for said request is enabled and if said user data comprise static user data (static 
data is user data that requires no modification since it does not reveal user 
identity. As per column 13 line 35 to 41 , the user original request is fooA^arded to 
the server with no modification); reconfiguring said user data if said user data is 
found and if returning user data for said request is enabled and if said user data 
comprises dynamic user data (dynamic user data is the data that must be 
modified to protect user identity. As per column 13 line 50 to column 14 line 5, 
user name is reconfigured before sending to server); and returning said 
configured user data by said user-controlled secure device (column 14 line 6 to 
16). 
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3.3. As per claim 3, Gabber is directed to a method for servicing data communication 
network (column 6 line 1 to 19). information units, the method comprising: 

receiving user data associated with a network site by a server (which is the 
function of a proxy or a web server, exemplified in Fig. 1,2,5 and 6 item 1 lOg 
and mentioned in column 6 line 16 as server sites); determining by said server 
whether said user data comprises static user data or said data comprises 
dynamic user data (the proxy sends static user data with no change as described 
in column 13 line 38, and modifies dynamic user data as described in column 13 
line 57 to column 14 line 5) using by said server said user data if said 
determining finds said user data comprises static user data; and reconstructing 
by said server said user data before using data if said determining finds said user 
data comprises said dynamic user data (column 8 line 15 to 50 describes 
transmission of user data, such as alias user names, passwords, email 
addresses, postal addresses, credit card numbers to a web server. The proxy 
determines whether data* is dynamic or static itself, as it modifies the dynamic 
data and uses static data with no modification). 

3.4. Claims 4, 5, and 6 are disclosed by Gabber, as they are substantially the same 
as claims 1 , 2, and 3 above, with the distinction of using Cookies to transfer user data. 
Use of Cookies is disclosed by Gabber in column 18 line 1 to 23. 
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3.5. Claims 7 to 12 are disclosed by Gabber, as they are substantially the same as 
claims 1 to 6 above, with the distinction of disclosing a program storage device readable 
by a machine, embodying a program of instructions executable by the machine to 
perform the method of browsing, which is disclosed in column 19. 

3.6. Claims 13 to 18 are disclosed by Gabber, as they are substantially the same as 
claims 1 to 6 above, with the distinction of disclosing an apparatus to perform the 
browsing, which is disclosed in column 19. 

3.7. Claim 19 is disclosed by Gabber, as it is substantially the same as claim 13 
above, with the distinction of disclosing a network browser as means for requesting and 
sending user data, which is disclosed by Fig. 6 item 300 and column 18. 

3.8. Claim 21 is disclosed by Gabber, as it is substantially the same as claim 15 
above, with the distinction of disclosing a network server as means for receiving and 
using user data, which is disclosed by Fig. 6 item llOg. 

3.9. Claim 22 is disclosed by Gabber, as it is substantially the same as claim 19 
above, with the distinction of disclosing a cookie as means for requesting and sending 
user data. Use of Cookies is disclosed by Gabber in column 18 line 1 to 23. 
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3.10. Claim 24 is disclosed by Gabber, as it is substantially the same as claim 21 
above, with the distinction of disclosing a cookie as means for receiving and using user 
data. Use of Cookies is disclosed by Gabber in column 1 8 line 1 to 23. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not Identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 20, 23 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Gabber as applied to claim 16 above, and further in view of Palthenghe (U.S. 
Patent Application Publication No. 2001/0011250 A1, published 8/2/2001). 

5.1 As per claim 20, Gabber is directed to the Apparatus of claim 16. Gabber 
specifies an apparatus for browsing a data communications network, but it does not 
include the specific use of a smart card configured to receive a request for user data, 
and returning the data if it is found. Paltenghe teaches a the benefits of using smart 
cards to store key elements of user data or certificates that helps identify 
an authorized user of the application (paragraph [0076]) 
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Gabber and Paltenghe are analogous art because they both specify a method 
providing user data ubiquitously and nomadically while protecting user privacy in data 
networks. 

At the time of invention, it would have been obvious to a skilled person in the art to 
incorporate smart cards as disclosed by Paltenghe in the network browsing apparatus 
of Gabber, as a secure means to store and retrieve user data. 

The motivation to do so would have been to take advantage of smart cards as a 
portable device, which can securely store and upload users' sensitive and private data 
to the application used by the user at users' discretion. 

5.2. Claim 23 is disclosed by Gabber and Paltenghe, as it is substantially the same as 
claim 20 above, with the distinction of disclosing a cookie as means for receiving and 
using user data. Use of Cookies is disclosed by Gabber in column 18 line 1 to 23. 

5.3 As per claim 25, Gabber is directed to an apparatus for enhanced privacy 
protection in identification in a data communications network (column 7 line 1 to 28). 
Gabber specifically mentions the use of a pseudo random generator (column 1 1 line 20 
to 25) to create a network ID for the user to substitute users real ID in network 
transactions. Gabber does not specifically mention the use of smart cards to store 
randomized ID, but Paltenghe discloses the use of smart cards in conjunction with the 
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apparatus disclosed by Gabber (see response to claim 20 above). Therefore, the 
feature is disclosed by Gabber, and further in view of Paltenghe. 

Conclusion 

6. Applicants amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1:1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will exjDire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is (571) 
272-3937. The examiner can be normally reached on 9 hrs Mon-Fri, off Monday 
biweekly. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Farid Homayounmehr 



11/1/2005 
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